Is the CIS-EM practice exam free?

Yes. ExamCademy offers all 125 CIS-EM practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the CIS-EM practice questions?

All CIS-EM questions are community-created and reviewed by moderators to align with ServiceNow's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the CIS-EM exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official ServiceNow documentation and hands-on experience for best results.

CIS-EM Practice Exam — Free 125+ Questions

125Practice Questions

3Study Modes

FreeTo Get Started

Sort:

Question 1

Question 2

Question 3

Question 4

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

Page 1 of 5 • Questions 1-25 of 125

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

The individual commands that the Agent Client Collector executes on the host are known as what? (Choose three.)

A Events
B Checks
C Parameters
D Policies
E Metrics
F Scripts

What is Event Management licensing based on?

A The number of unique nodes that can send events to the instance
B The number of connectors and listeners it will collect data from
C The number of connectors it will collect data from
D The number of CIs in the CMDB that it will be monitoring

The additional information field is a JSON string that gives more information about an event. An example of a supported JSON string is:

A {"CPU":100}
B {"CPU":100,’Status":3}
C {"CPU":"100","Status":3}
D {"CPU":"100"}

The Event Management operator workspace can display all of the following except?

A Alert groups
B Manual application services
C Discovered application services from Service Mapping
D Correlation groups
E Technical services

What would be the primary use case for creating Javascripts in Event Management?

A To create a customized pull connector to retrieve events on behalf of an event source
B To automatically populate the Configuration Management Database (CMDB)
C To parse a nodename out of your raw event data in an event rule
D To run as part of a remediation workflow for IT alerts that fail to execute

You have a very large networking environment and have noticed that your event notifications are either not being triggered or are delayed.
What are best options to try to resolve this issue? (Choose two.)

A Ensure all Event Management – process events jobs are set to a Ready state
B Verify that the Bucket field in the event table is set to zero (0)
C Add additional event processor jobs
D Ensure multi-node event processing is disabled

When are anomaly alerts generated by Operational Intelligence displayed in alert intelligence?

A When the statistical model threshold is breached
B When they are promoted to IT alerts
C When it is manually promoted in insights explorer
D When the anomaly score is greater than 100

A Service is not viewable in Operator Workspace. What could be the issue?

A The service is a manual service
B The service is not set to operational
C The service was created through Service Mapping
D The service is a technical service

You have an event with a Source of ‘Trap from Enterprise 111’, but the alert created for this event shows a Source of ‘Oracle EM’. If you want to change what this is set to, where in the event rule would you do this?

A Transform and Compose Alert Output lab
B Event rule info tab
C CI Binding tab
D Event Filter tab

What makes all ServiceNow metrics, tasks, services, configuration items, assets, people, locations, and information a single system of record for IT and business processes?

A ServiceNow is installed within your datacenter providing you complete control
B All applications are built on the Oracle database standard, providing uniformity across products
C All applications that are built by ServiceNow utilize the same data model and code base
D ServiceNow runs on supported Windows servers and is managed through Windows Update
E A single table houses all data elements within ServiceNow
F ServiceNow utilizes the AWS MariaDB cloud database structure, providing a single system of record

When creating an alert management rule, where would you specify a workflow to resolve a given condition?

A From the Remediation tab
B From the Actions tab
C From the Launcher tab
D In the Related Links section

What types of system can a MID Server install on? (Choose two.)

A OpenVMS System
B Microsoft Windows Server
C Linux System
D Microsoft Windows Desktop
E Any system inside the customer firewall
F Mac OS X System

What would you use to define the monitoring sources allowed to communicate with the ServiceNow instance for Operational Intelligence?

A Metric Registration
B Metric Config Rules
C Metric Type Actions
D Metric to CI

The value of the Alert Priority score is a composite of what?

A The value of the alert’s category and its relative weight
B The value of the alert’s category and its Priority Group
C The value of the alert’s Severity and its Priority Group
D The value of the alert’s Severity and its relative weight

Which attribute is responsible for de-duplication?

A Metric_name
B Message_key
C Short_description
D Additional_info

What is the default collection/polling interval applied to all event connectors?

A Every 120 seconds
B Every 5 seconds
C Every 40 seconds
D Every 60 seconds
E Every 10 seconds

What feature would you use to trigger a workflow or automatically generate tasks via templates?

A Event rules
B Task rules
C Alert management rules
D Alert correlation rules

What are the valid states an alert can be in during its lifecycle?

A Open, Reopen, Flapping, Closed
B New, Updating, Waiting, Complete
C Open, Updating, Swinging, Closed
D Open, Warning, Flapping, Clear

What Event Management module allows for configuration of automatic task creation?

A Alert management rules
B Task rules
C Event rules
D Alert correlation rules

You have a system configured with a MID Web Server using Basic authentication to enable Operational Management Intelligence (OI) to push raw metric data to the MID Server. No data is getting through to the MID Server.
What is the most likely cause of the issue?

A The MID Web Server needs to be Restarted
B The MID Web Server needs to be Started
C An invalid secret key is being passed in the header information of the URL for the REST request
D An invalid password is set in the MID Web Server Context

In the event table, which field maps the external attributes from the target system?

A Resource
B Description
C Source
D Additional Information

By default, the Alert Console displays what type of alerts?

A All Primary, Open alerts and anomaly alerts with a Severity of Critical, Major, Minor, and Warning that are not in Maintenance mode
B All Primary and Secondary Open alerts and anomaly alerts with a Severity of Critical, Major, Minor, and Warning that are not in Maintenance mode
C All Primary alerts with a Severity of Critical, Major, Minor, Warning that are not in Maintenance mode
D All Primary, Open alerts with a Severity of Critical, Major, Minor, and Warning that are not in Maintenance mode
E All Primary and Secondary Open alerts with a Severity of Critical, Major, Minor, and Warning that are not in Maintenance mode

Which are recommended best practices for Event Management? (Choose three.)

A Filter out events on ServiceNow Instance for easier consolidation and aggregation.
B Promote all events to alerts during initial implementation until you fully understand which should be ignored.
C Filter out events at source rather than in the ServiceNow instance.
D Base-line “normal-state” events to filter out background noise.
E Ignore all non-critical events during initial implementation to streamline processing; add alerts over time as time and resources allow.

For an incoming event with a matching message key, what allows an existing alert to be automatically closed?

A In the event rule, set the Severity to 0
B In the alert rule, set the Severity to 0
C In the alert rule, set the Severity to -1
D In the event rule, set the Severity to -1

A support agent resolves an incident associated with an alert, but the alert does automatically close even though the evt_mgmt.incident_closes_alert property is set appropriately to close the alert.
What is the most likely cause of this issue?

A The support agent does not have the evt_mgmt_user role.
B The support agent only has the evt_mgmt_admin role.
C The support agent has the evt_mgmt_operator role, but not the evt_mgmt_user role.
D The support agent has the evt_mgmt_user role, but not the evt_mgmt_operator role.

CIS-EMPreview

About the CIS-EM Exam

Question 1

Question 2

Question 3

Question 4

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

CIS-EMPreview

About the CIS-EM Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26